Help attaching a device to user in BESExpress
 

Has anyone had any luck trying to attach a device to a user in BESExpress?

I know that wireless is not possible after reading the documentation for attaching a user, and my BB does not have WiFi. So all that is left is the Blackberry Administrative Service and Blackberry Web Desktop Manager portal.

I have tried attaching the device to the user in the Blackberry Administrative Service portal, it sees the BB attached (usb), but when I chose the user then click "Associate user" it just hangs.

When I try to attach the device using the Blackberry Web Desktop Manager, I received the error message "The Blackberry Web Desktop Manager is unable to complete this action. Please contact your administrator for more information."

I am still new to BES, so if there is a log file somewhere that will help me/you say what is wrong please let me know.

BB: 9530 (Storm) on BIS
Windows 2003 R2 SP2
Exchange 2007 SP2

Thank you.

If you figure it out let me know
 

I am trying this too. Moving from a "real" BES to BESX wiped device, checked permissions a thousand times, etc...no luck.

Keep me posted.

Wes

I started digging through the \Logs directory and found an error in the xxxxx_BBAS-NCC_01_20100303_001.txt log file saying..
com.rim.bes.bas.besutilityaccess.DeviceActivationJ NIException: JBeginActivation::ProvisionUser Provision user failed[sourcefile = c:\ec_build\besxp_5.0.1\6280\bx_adminservice\sourc e\enterprise\bas\server\nativeutil\src\core\main\c pp\basbesutil\src\jbeginactivation.cpp line=286]

Same here
 

I went and looked at the BAS log and it has exactly the same thing. I migrated the plan on the phone to BIS (because I plan to use it that way). I'm wondering if that has something to do with it. Should be supported but...

Wes

Same problem
 

Same problem trying to activate 4 brand new BB Bold devices. I am seeing the same error in the BBAS-NCC log file:

com.rim.bes.bas.besutilityaccess.DeviceActivationJ NIException: JBeginActivation::ProvisionUser Provision user failed[sourcefile = c:\ec_build\besxp_5.0.1\6280\bx_adminservice\sourc e\enterprise\bas\server\nativeutil\src\core\main\c pp\basbesutil\src\jbeginactivation.cpp line=286]


Hey RIM, how's about fixing this?

Got the user attached
 

It was a permissions problem. I'm obviouosly not too amazing at using Exchange Server Manager because it took me forever to get the SendAs stuff right in every place, but finally I did.

The IEMSTest.exe utility is your friend. All I can say is you have to read through it VERY thoroughly and not until it passes an account 100% will anythinig work. Also, although it may not have been necessary, after I made permissions changes, I elected to reboot the BES. Now I've attached the user to the device. However, I am still waiting on Activation to work. Activating without wireless and without any specific button that says Activate (like exists on the Berry) is a little wierd to me still.

Wes

Same Issue
 

I am having the same exact problem, with the same error line showing in the logs. I am wondering if it is the same permissions problem I am having that keeps bouncing back for the wired activation. weskeene, would you be able to provide any information on how exactly you were able to fix the permissions on the server? Below is my server config in case anyone who has a similar setup has been plagued with the activation issue.

-Windows Server 2008 SP2
-Exchange 2007 SP2

I'll try
 

Basically, you'll see articles that outline going into Exchange System Manager and First Administrative Group, and then right clicking your server and such to enable Send As. Make sure you DO that step.

Also, I found one peice of advise that suggested in AD Users and Computers that you should assign individual Send As rights by editing the BESAdmin user. I found that wasn't a great plan, instead it was better for me to edit each user and add BESAdmin's Send As, Receive As, and Admin Store functions from there.

Also, BESAdmin should only be a Domain User and nothing else.

Also, BESAdmin should be made a View Only Administrator from ESM. Right click the top most node of the tree, and pick the Delegate or Delegation option and follow the steps to add BESAdmin.

My activation problems now are stemming from an old, bad SRP I was using from the BPS days, which is not what RIM has on record for me. A service request is open.

Wes

Well I triple checked my Send As everywhere and mine checks out. Yet I have the same activation issues as everyone else with the failure occuring in the BBAS log. With the IEMSTest failing on "Send As"

I logged a ticket with RIM with my one free service request. Who knows if they will get to it (hope so!).

Last time I installed a BES server was 4.0 Enterprise. Nice to see that BES still sucks and requires a PhD and a team of labcoats to get it running, even after following all the server guidelines. Blackberry's support portal is pretty much uesless in terms of self-help support.

Update!

After deciphering the above posts:

1. Enable advanced features in AD
2. Go to BESAdmin user
3. Security tab
4. Add the BESAdmin user to the Security tab giving Send As, Receive As - this is in addition to the defaults that were in there.

My IEMSTest.exe works now! Too bad my one Blackberry user at this location left for the day.... I felt like I was so close!

So I don't know if this is the fix, but at least I got past the IEMSTest.exe

no PHD here and I goofed up on my first install. :razz:

So I have tried the different recommendations from shorelinetrading, and weskeene. I get the permissions set for send-as on the BESAdmin account, and the IEMSTest runs, and says all the tests pass, but I still cannot activate a device through BAS using a wire. I also am noticing that after a little while, if I run the IEMSTest again, the send-as permission part fails, almost as if the permission is somehow not sticking. I am not sure if this is an Exchange 2007 problem, or something with Windows Server 2008. I am totally open to any new ideas, because this is driving me a bit crazy. My question is whether anyone who couldn't do a wired activation was able to do it OTA. It might be worth it to switch to a BES plan temporarily on my device just to activate it, although my feeling is that why would OTA activation work if the wired activation won't.

I am glad to hear everyone else got their IEMSTest to pass. I ended up removing my BESExpress and sometime ill reinstall it and try again..

.. update: I tried to reinstall BESExpress, but I am receiving the warning "Mismatched Microsoft Data Access Component (MDAC) versions recorded in the registry". (I seem to remember having this warning before but installed anyway, and I am guess is related to my prior issues)

I ran the Component Checker from Microsoft and it came back and said it found:
MDAC 2.8 ON WINDOWS XP SP2
MDAC 2.8 SP2 ON WINDOWS SERVER 2003 SP2

Has anyone else experienced this? Anyone know how to fix it?

Yep, same here - my account lost the permissions too after coming back after several hours. I remember about reading about this in the MS support DB for Exchange researching the underlying problem we are fixing here... it applies to us both. So I'm guessing that we can either execute the fix provided OR remove the "Administrator" group from the BESAdmin user as weskeene mentioned. Don't know if there are side effects, but you would need to manually add the BESAdmin user to the "Log on locally" rights for the server or you couldn't log in using your BESAdmin user. Obviously logging on locally via BESAdmin is critical.

Here's the KB (forum won't let me link) The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server.. KB 907434

I'm going to try the workaround mentioned after the Win2k stuff and see what happens.... I'll post back here.

Ok - just applied the fix by creating a batch file on my Windows 2003 server:

Replace YOURDOMAIN with your domain (and if you are .net or .local, don't forget to change the domain extension) and BESAdminAccountNamehere with your BES account name. Omit the domain for the service account if it's not a domain account (like mine is as my Exchange server is a DC).

Then re-add the permissions that I described previously to the BESAdmin account (Send As, Receive As in Security).

I'm waiting to see in a few hours if my permissions stick.

I was looking around the forum and I found this article (http://www.blackberryforums.com.au/f...ge-2007-a.html) and it states:

"The missing MAPI and CDO DLLs cause problems when installing/upgrading the BlackBerry Enterprise Server with Microsoft Exchange 2007. This will be noted by receiving MAPI mismatch errors. As a result, the BlackBerry Enterprise Server cannot communicate with Microsoft Exchange directly or access the Global Address List and other server objects without these files."

Does this mean that it is normal to have the mismatch errors I spoke about above? Is anyone else having the same warning when they installed BES/BESExpress?

Thank You

I also found another problem that is related to permissions on my server. In the MAGT log, I get the line
"BlackBerry Messaging Agent 1 failed to start. Error code 5305"
From the research I found, this is related to article KB01018. It basically can be related to a public folders or permissions issue. If you didn't install Exchange 2007 enabled with mixed mode support, therefore the public folders were not created. However, in my instance, I am pretty positive I did install with mixed mode, and I do have public folders created. Has anyone else seen this line in their MAGT log?

Ok after coming back in the morning I can say that the MS hotfix kept the permissions in tact without auto-removal. My IEMSTest reports all systems normal. The workaround applies to all versions of Exchange running on any OS as far as I can tell.

Now I won't have a chance to add a user until late next week. I'd like to know if someone else who's applied the MS fix and the BESAdmin security permissions can add a wired user now through web desktop/admin?

My Resolution
 

Ok, so after about two hours on the phone with RIM, my problem was solved. All my permissions were set correctly, however it came down to a registry problem. I found by looking through the MAGT logs, that the Messaging Agent was not even starting, thus the BESX components couldn't properly read all the mail store information about the added users - and that created my activation issue. As a side note for anyone trying to do an OTA activation, another symptom of this was when I went to active my device using the Enterprise Activation, the device would generate the .etp email which would just sit in my Outlook inbox - confirming that BESX was not actually picking up the email and processing it.

Solution for my problem:
Blackberry KB03304

I had to modify my registry and add the key and string values in my BESAdmin account which pointed to the internal FQDN of my BESX server - even though it was all on the same box, the messaging agent couldn't figure out where the MAPI stuff was. Once I fixed the registry, I rebooted the Router and Dispatcher Services, and everything worked. I was able to then activate my device by OTA or USB.

I hope this can help anyone having the same issue!

Registry changes - Added String if not there?
 

Aribrown - could you verify that when you went to these two registry strings that they did not exist and you had to add them? If not what server software are you running?
I have Serv 08 with Exchange 07 and the two strings that the KB03304 say to change are not there, however; i can easily add them if that is the fix.
Did you have to add them?
I am having exact problems described in this forum and am axiously looking for the fix.
Thanks!!!